In-Depth Guide to Public Company Auditing: The Financial Statement Audit

Transcription

1 In-Depth Guide to Public Company Auditing: The Financial Statement Audit

2 Why an In-Depth Guide to Public Company Auditing? The foundation for confidence in U.S. capital markets is strengthened through effective management, regulation, oversight and assurance. Independent audits of public company financial statements are understood to be a core contributor to this foundation. In 2009, the Center for Audit Quality (CAQ) published the Guide to Public Company Auditing an educational tool for non-auditors that provides an introduction and overview of the key processes, participants and issues related to public company auditing. The foundational guide can be accessed at The foundational guide, however, only touched the surface of the work involved in an audit of a public company s financial statements and the context within which public company auditing takes place. The objective of the In-Depth Guide to Public Company Auditing is to give readers a behind-the-scenes look inside the financial statement audit process to provide further insight into the work the independent auditor performs to issue an audit report. This includes processes and practices that determine how a public company audit firm decides to accept a new audit engagement, how it prepares for and performs the financial statement audit, and how it reports its findings. This guide provides a basic definition of the financial statement audit for public companies and the key players involved in the financial reporting process. Next, it takes a look at an audit firm s system of quality control the platform for a quality financial statement audit. Then it takes a chronological look at the steps generally taken by independent auditors to audit a company s financial statements: engagement acceptance and continuance activities; planning and scoping the audit; and performing and completing the audit. May 2011

3 What is a Financial Statement Audit? An independent financial statement audit is conducted by a registered public accounting firm. It includes examining, on a test basis, evidence supporting the amounts and disclosures in the company s financial statements, an assessment of the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation to form an opinion on whether the financial statements taken as a whole are free of material misstatement. The independent auditor s overarching goal is to provide financial statement users with reasonable but not absolute assurance that the financial statements prepared by management are fairly presented. To communicate that assurance, the independent auditor provides a report that includes an opinion about whether the company s financial statements are fairly presented, in all material respects, in conformity with U.S. generally accepted accounting principles (GAAP). An important element of the framework that company management maintains to enable it to produce reliable financial statements is internal control over financial reporting (ICFR). Public companies with market capitalization of $75 million or more are required by law to have an audit of management s assessment of the effectiveness of ICFR that is integrated with an audit of the financial statements. This is referred to as an integrated audit. The objectives of these two types of audits are complementary but not identical. They are performed by the same audit firm at the same time and are usually integrated in the sense that procedures supporting the opinion on financial statements are executed concurrently with procedures that involve testing of the related controls. As discussed in a later section, control testing may impact the nature, timing and extent of substantive testing performed. This In-Depth Guide to Public Company Auditing focuses principally on the audit work required to produce an opinion on the financial statements. INTERNAL CONTROL OVER FINANCIAL REPORTING (ICFR) Under Section 404 of the Sarbanes-Oxley Act of 2002, management is responsible for establishing and maintaining a system of ICFR. Management is also required to provide an annual assessment of the effectiveness of its internal control structure and procedures for financial reporting to investors in its annual report. In addition, public companies with market capitalization of $75 million or more are required to include an attestation report of its independent auditor on the effectiveness of ICFR. The audit of ICFR is integrated with the audit of the financial statements of the company. The objectives of the audits are not identical, however, and the independent auditor designs his or her testing of controls to accomplish both audits simultaneously. 3

4 Who are the Key Players? The financial statement audit report is the culmination of the audit, but it is based on the responsibilities of three distinct but interrelated groups that make up the financial reporting supply chain. Company Management Bears the primary responsibility for the company s financial statements. Management also is responsible for implementing and maintaining internal control over financial reporting and for periodically assessing its operating effectiveness. Audit Committee Oversees the financial reporting process, including internal control over financial reporting. The audit committee also is responsible for the appointment, compensation, and oversight of the independent auditor. Often, the audit committee oversees the company s internal audit group as well. Independent Auditor Provides a public audit report on the company s annual financial statements. That report provides an opinion about whether the financial statements taken as a whole are fairly presented, in all material respects, in accordance with GAAP. Independent auditors are external to the company and Internal Audit (Optional) Audit Committee Independent Auditor Company Management must be independent of the organizations they audit in accordance with specific regulations governing their independence. They report directly to the audit committee, which engages them and oversees their work. Although not required, a number of public companies also employ an internal audit function. As defined by The Institute of Internal Auditors, internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization s operations. The scope of internal auditing within an organization is broad and may involve topics such as the efficacy of operations, the reliability of financial reporting, deterring and detecting fraud, safeguarding assets, and compliance with laws and regulations. 4 KEY AUDIT COMMITTEE RESPONSIBILITY: SELECTING THE AUDITOR In accordance with Section 301 of the Sarbanes-Oxley Act of 2002: The audit committee of each issuer, in its capacity as a committee of the board of directors, shall be directly responsible for the appointment, compensation, and oversight of the work of any registered public accounting firm employed by that issuer (including resolution of disagreements between management and the auditor regarding financial reporting) for the purpose of preparing or issuing an audit report or related work, and each such registered public accounting firm shall report directly to the audit committee. INDEPENDENT AUDITOR S RESPONSIBILITY: SERVING THE PUBLIC INTEREST Independent auditors perform their engagements with a skeptical mindset, and they cannot hesitate to challenge management s assertions whenever those assertions run counter to the audit evidence and the auditor s own judgment. It is not uncommon for independent auditors and company management to have different views, for example, over the accounting treatment of a particular transaction, the disclosure of certain information, or the reasonableness of an accounting estimate. However, at all times the independent auditor is called upon to act in a way that serves the public s interest, not the interest of company management. If significant differences cannot be resolved, the audit committee is called upon to resolve the issue. In rare circumstances where the auditor is not satisfied with the outcome, the auditor may resign from the engagement, inform the Securities and Exchange Commission (SEC) of the issue, or both.

5 What is the Importance of the Audit Firm s System of Quality Control? The foundation for a quality financial statement audit is the audit firm s system of quality control. An audit firm s leadership is critical in setting the proper tone at the top, conveying through words and actions that quality work is of paramount importance. An audit firm s system of quality control consists of all the activities undertaken by the audit firm to promote audit quality and includes, for example: The establishment of firm policies for the implementation of professional standards, including standards of objectivity, integrity and auditor independence requirements. Personnel management, which includes policies and procedures related to hiring, assigning personnel to engagements, training, professional development, and advancement. The establishment of firm policies for acceptance and continuance of clients and engagements. The development, maintenance and deployment of firm-specific methods and tools for conducting audits. Monitoring of audit quality, including multiple levels of review on each engagement and the regular performance of in-firm quality inspections. Regular review of other elements of the firm s quality control system. These activities are driven by professional standards, the audit firm s own standards of quality, and feedback from external inspections of the auditor s work by the regulator of public company auditors, the Public Company Accounting Oversight Board (PCAOB). THE PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD The PCAOB was created by the Sarbanes-Oxley Act of 2002 and is a private-sector, non-profit corporation overseen by the SEC and independent from the auditing profession. The PCAOB is charged with overseeing accounting firms that audit the financial statements of public companies. This oversight role includes responsibility for development of auditing and related professional practice standards as well as performing independent inspections of registered public accounting firms, and enforcement authority related to the rules of the PCAOB and the SEC. 5

6 How Do Audit Firms Accept Audit Engagements? Performing public company audits involves several risks to the audit firm and results in lending an audit firm s credibility to the company s SEC filings through the issuance of an auditor s report. Before accepting a new audit engagement, the audit firm takes important steps to meet its responsibilities and to protect its reputation. Given the significance of the firm s acceptance and continuance process, the procedures and final decision typically involve significant input from the firm s senior partners. Before accepting a new audit engagement, the audit firm will gather information about the nature and complexity of the company s business, the qualifications and reputation of senior management and its board of directors, and the needed expertise required to complete the audit. Independent auditors use this information to make a preliminary assessment of the risks associated with the proposed engagement and whether the company s management is able to fulfill its responsibilities for financial reporting. Consider Reputational Risks When deciding whether to accept a new engagement, audit firms carefully consider the reputation and integrity of company management. Audit firms typically perform background checks on certain members of senior management and the audit committee to mitigate the risk of entering into an engagement with principals who may engage in questionable or unethical business practices. If the audit firm is taking over the engagement from another firm, it will make inquiries of the previous independent auditors about matters such as management s integrity, the nature of any disagreements the predecessor may have had with management or the audit committee, and the predecessor s understanding of the reasons why the company is changing audit firms. Consider Requisite Auditor Expertise During the engagement acceptance process, the audit firm also evaluates whether it has the necessary industry-specific expertise (e.g., energy, biotechnology, or financial services) and resources to perform the engagement with competence and due professional care. When considering auditing the financial statements of a company that operates with specialized business practices and accounting standards, the audit firm wants to be satisfied that team members will have the proper training and experience relative to those specialized practices. Consider Auditor Independence Public company auditors are subject to strict independence rules as promulgated by the PCAOB and the SEC. As such, a firm will review the investment holdings, business and personal relationships of its partners and professionals, and other matters of the firm and its personnel to make sure it is independent and free from relationships that would prevent its auditors from, in fact or appearance, objectively performing the audit. Once the client has been accepted, independence must be rigorously maintained by the audit firm so long as it is engaged. Continuance of Engagement Each year prior to the commencement of a recurring audit, the audit firm updates its understanding of the engagement, the company s management, and its own capabilities to determine whether the firm should continue serving as independent auditors. Companies are constantly evolving and, as a result, it is important to reassess the prudence of continuing to be associated with a particular company on an ongoing basis. 6

7 How Does the Auditor Plan the Financial Statement Audit? If, after the engagement acceptance or continuance assessment, the independent auditor decides to accept or continue the engagement, and the company s audit committee decides to hire or reappoint the independent audit firm, the audit team spends additional time with the audit committee and company management to further understand the company s business and industry for the purpose of identifying and assessing the risks of material misstatement in order to plan and set the scope of the financial statement audit. The outcome of the planning and scoping process is an audit plan which is followed in order to complete the audit. Audit plans are modified as circumstances occur during the course of the audit engagement. Reasonable Assurance and Materiality All audits are guided by two important factors: reasonable assurance and materiality. These two factors impact the way in which the independent auditor examines, on a test basis, transactions that occurred and controls which functioned during the year. The extent or scope of the testing is also driven by the auditor s risk assessment. Because it is not practical for independent auditors to examine every transaction, control and event, there is no guarantee that all material misstatements, whether caused by error or fraud, will be detected. Instead, the audit is designed to provide a level of assurance that is reasonable but not absolute. Absolute assurance from the audit is, practically speaking, impossible. Independent auditors cannot test 100 percent, or, in most cases, even a majority of transactions recorded by a company; it would preclude timely financial reporting and be prohibitively expensive and resource intensive. The concept of materiality is applied in planning and performing the audit, in evaluating the effect of any identified misstatements, and in forming the opinion included in the independent auditor s report. Determining materiality involves both quantitative and qualitative considerations. As a result, there is not one specific quantitative threshold that is used in evaluating materiality; rather, a combination of factors, both quantitative and qualitative, are considered. The determination of materiality is a matter of professional judgment and is affected by the independent auditor s assessment. Inherent in reaching judgments about materiality is the concept of what a reasonable investor would deem important. Assembling the Right Engagement Team To properly carry out its responsibilities, the audit firm assembles a team of independent auditors that has skill and knowledge commensurate with the needs of the engagement. Audit team members are then assigned areas of responsibility that are appropriate based on their capabilities. The more senior team members typically take responsibility for planning and directing the audit and for the supervision and review of the work performed by less experienced members of the team. Audit team leaders also manage the timing of the engagement and the performance of the audit team to ensure a timely and efficient audit. In some instances, audit procedures may be performed throughout the year, not just after year-end. 7

8 When auditing a company that operates in an industry with specialized business practices and accounting standards, the team includes members who have the proper training and experience in those specialized practices. Engagement teams are typically staffed with varying levels of experience, and therefore supervision and review by more senior auditors is important to the promotion of audit quality. Some financial statement audits require the expertise of specialists to supplement the work of the core engagement team. Those specialists may either be within the audit firm itself or engaged from outside the firm to supplement the audit team. For example, audit engagement teams may involve information technology specialists, income tax specialists, appraisers, business valuation specialists, or actuaries, among other such professionals. These individuals bring not only additional expertise to the audit but also a fresh perspective that often helps the audit team to appropriately make audit judgments. Any work performed by a specialist is reviewed by the audit partner. AUDIT RISK Audit risk is defined as the risk that the independent auditor expresses an inappropriate audit opinion when the company s financial statements are materially misstated. The main components of audit risk consist of the following: Inherent risk is the risk that an account will contain an error irrespective of the company s internal controls. For example, amounts that are based on highly subjective accounting estimates or the application of complex accounting standards have a higher risk of being materially misstated than amounts that are more objective in nature and based on relatively uncomplicated, well-established accounting standards. Control risk is the risk that the company s internal control system will fail to prevent or detect and correct a material misstatement of the financial statements. Detection risk is the risk that the independent auditor s procedures will not detect a misstatement that exists that could be material (individually or when aggregated with other misstatements). The independent auditor seeks to reduce the level of detection risk through the nature, timing, and extent of the audit tests performed. Inherent and control risk are functions of the company and its environment while detection risk is not. Assessing a Company s Risks that the Financial Statements Contain Material Misstatements Every financial statement audit engagement presents a different set of challenges to an audit firm. No two companies are the same and therefore the independent auditor must tailor the audit to each company, based on the specific risks identified. The design of an effective audit plan depends on the audit team s ability to identify and assess the risk that the financial statements contain a material misstatement, whether caused by error or fraud. The risk assessment process includes: Obtaining an understanding of the company and the environment in which it operates. This includes efforts to understand the events, conditions, and company activities that might reasonably be expected to have a significant effect on the risks of material misstatement. An understanding of the 8

9 company and the environment will often involve consideration of such things as the company s industry, regulatory environment, business objectives and strategies, and selection and application of accounting principles. Considering information gathered during the engagement acceptance and continuance evaluation, audit planning activities, prior audits, and other non-audit engagements performed for the company. Inquiring of the audit committee, management, and others within the company about risks of material misstatement. Obtaining an understanding of the company s internal control over financial reporting. Performing analytical procedures, such as a comparison of a company s current financial statement account balances to prior year financial statements and/or a comparison of current relevant financial ratios to industry ratios or prior year ratios. Conducting a discussion among engagement team members regarding the risks of material misstatement. As it relates to fraud, the discussion typically includes an exchange of ideas, or brainstorming, among the key engagement team members, including the engagement partner, about how and where they believe the company s financial statements might be susceptible to material misstatement due to fraud, how management could perpetrate and conceal fraudulent financial reporting, how assets of the company could be misappropriated, and consideration of the potential audit responses to the susceptibility of the company s financial statements to material misstatement due to fraud. The independent auditor s risk assessment process will include inquiries of management and the audit committee regarding fraud risks, including: Inquiries of management regarding whether management has knowledge of fraud, alleged fraud, or suspected fraud affecting the company; management s process for identifying and responding to fraud risks; and whether and how management communicates to employees its views on business practices and ethical behavior. Inquiries of the audit committee regarding their views about fraud risks in the company; whether the audit committee has knowledge of fraud, 9

10 alleged fraud, or suspected fraud affecting the company; whether the audit committee is aware of tips or complaints regarding the company s financial reporting and, if so, the audit committee s responses to such tips and complaints; and how the audit committee exercises oversight of the company s assessment of fraud risks and the establishment of controls to address fraud risks. If the company has an internal audit function, inquiries of appropriate internal audit personnel regarding the internal auditors views about fraud risks in the company; whether the internal auditors have knowledge of fraud, alleged fraud, or suspected fraud affecting the company; whether internal auditors have performed procedures to identify or detect fraud during the year, and whether management has satisfactorily responded to the findings resulting from those procedures; and whether internal auditors are aware of instances of management override of controls and the nature and circumstances of such overrides. Inquiries of others within the company (e.g., operating personnel not directly involved in the financial reporting process, in-house legal counsel) about their views regarding fraud risks, including, in particular, whether they have knowledge of fraud, alleged fraud, or suspected fraud. The results of the risk assessment completed during the planning stages of an audit provide the basis for determining the scope of the audit and nature, timing, and extent of the audit tests that will be performed. Audit planning is a continuous process, however, and the audit scope might be adjusted during the course of the audit based on audit results or consideration of other factors. WHAT IS THE AUDITOR S RESPONSIBILITY FOR DETECTING FINANCIAL REPORTING FRAUD? It is management s responsibility to design and implement programs and controls to prevent, deter, and detect financial reporting fraud. Audits are designed to identify and assess fraud risk and detect material financial reporting fraud. The PCAOB auditing standards require that an independent auditor plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. However, as noted in PCAOB Interim Auditing Standard AU Section 316, Consideration of Fraud in a Financial Statement Audit, absolute assurance is not attainable and thus even a properly planned and performed audit may not detect a material misstatement resulting from fraud. A material misstatement may not be detected because of the nature of audit evidence or because the characteristics of fraud may cause the independent auditor to rely unknowingly on audit evidence that appears to be valid, but is, in fact, false and fraudulent. 10

11 How Does the Auditor Perform a Financial Statement Audit? Developing an Audit Strategy With a mindset of professional skepticism, independent auditors seek to gather sufficient, appropriate audit evidence to support their opinion about the financial statements. Because the facts and circumstances of an audit typically vary dramatically between companies, the standards describe a principles-based process and provide guidance to help independent auditors use their judgment in the application of these principles on a particular engagement. In developing an audit strategy, the independent auditor considers internal controls and determines whether to rely on those controls for various components of the audit. The independent auditor may decide (and for public companies with market capitalization of $75 million or more, auditors are required) to perform tests of the company s internal control over financial reporting. An independent auditor assesses the desirability of adopting such a strategy by considering factors such as cost/benefit considerations, size of the company, and prior year results of control testing. If test results indicate that the company s internal controls are effective, the independent auditor may decide to reduce the level of substantive tests that it performs as a basis for its opinion. Auditor s Professional Judgment Audit Engagement Acceptance Communicate Results Audit Report Audit Committee Assemble Audit Team Evaluate Results & Conclude Audit Firm s System of Quality Control Engagement Quality Review Risk Assessment Documentation Audit Procedures Audit Strategy Auditor s Professional Skepticism 11

12 It is important to note that a control reliance approach is not the equivalent of an integrated audit. An integrated audit is designed to express an opinion on the effectiveness of ICFR, while a control reliance strategy considers controls for purposes of determining the nature, timing and extent of substantive testing to be performed. However, the independent auditor is precluded from relying exclusively on the company s internal controls as a basis for concluding that the financial statements are free from material misstatement. For example, in audits of companies with excellent controls, independent auditors will still perform substantive tests of balances, transactions, and disclosures, but to a lesser degree in those instances. Notwithstanding the auditor s understanding of internal controls, the independent auditor may choose an audit strategy that relies heavily or almost exclusively on substantive tests to gather the audit evidence necessary to form an opinion on the financial statements. Regardless of the strategy chosen, the independent auditor will perform a sufficient level of substantive audit procedures to support the auditor s opinion, which provides reasonable assurance that the financial statements taken as a whole are free of material misstatement. Table 1: Types of Audit Procedures Independent auditors can perform a wide variety of procedures and combinations of procedures to gather the evidence needed to support their opinion on the financial statements. TYPE OF PROCEDURE DESCRIPTION Inspection Observation Inquiry The examination of records or documents, whether internal or external, in paper form, electronic or other media, or physically examining an asset. For example, inspecting a sample of invoices. Observing a process or procedure being performed by company personnel or others. For example, observing a company s physical inventory count, and re-performing counts on a test basis. Seeking information from knowledgeable persons in financial or nonfinancial roles within the company or outside the company. Choosing Audit Procedures In designing the audit strategy, judgments are made in the selection of the auditing procedures to be performed (see Table 1). In doing so, the independent auditor considers three factors. Nature. The independent auditor can choose from a variety of audit procedures. Some are better suited than others to address certain types of risks. For example, the physical observation of property (e.g., building, land) is an effective procedure to establish the physical existence of the asset reported on the company s balance sheet. It is not an effective procedure to address the risk that the financial statements do not reflect the correct value of the asset (i.e., the dollar amount at which the asset is recorded). Choosing an audit procedure that most directly addresses the identified risk is arguably the most important factor in designing effective audit procedures. The independent auditor also recognizes that some audit procedures result in more reliable audit evidence than other audit procedures. Confirmation Recalculation Analytical procedures Reperformance Obtaining information or representation of an existing condition directly from a knowledgeable third party. Checking the mathematical accuracy of documents or records. Comparison of recorded amounts, or ratios developed from recorded amounts, to expectations developed by the independent auditor. The auditor s independent execution of procedures or controls that originally were performed as part of the company s internal control over financial reporting. 12

13 For example, the independent auditor s confirmation of account balances from third parties may be more reliable evidence than inspection of internally generated company documents. Timing. Some of the independent auditor s tests are performed as of the balance sheet date. For example, the independent auditor may confirm with the company s lender the amount of a loan balance at December 31. Often the independent auditor performs tests as of a date prior to the balance sheet date. For example, the company may perform its annual inventory count at a date other than December 31. In that case, the independent auditor will perform certain tests of inventory as of that interim date and then perform some tests of the activity between that date and year-end to draw a conclusion about inventory balances at year-end. Extent. Independent auditors must determine the extent of testing they will perform. For example, the necessary extent of a substantive audit procedure will often depend on the materiality of the account, disclosure, or transactions, the assessed risk of material misstatement, and the necessary degree of assurance from the procedure. The nature, timing and extent of auditing procedures are driven by judgments based upon the results of the independent auditor s risk assessment and planning processes. Testing Controls A company s system of internal control over financial reporting is a system of processes designed by a company s management so they may provide reasonable assurance, as required by law, that their financial reporting is reliable and that their financial statements for external purposes have been prepared in accordance with GAAP. If the independent auditor chooses to pursue an audit strategy that relies on a company s internal controls he or she will test the design of the company s relevant control systems to assess the operating effectiveness of certain internal controls. In assessing the operating effectiveness of a control, the independent auditor considers detected deviations or deficiencies in management s internal control procedures, such as documents not properly approved, reconciliations not regularly performed, or failure to enforce the appropriate segregation of duties. Tests of controls typically involve: Inspection of documents for evidence of proper approval or acknowledgement of the performance of control procedures. Observation of procedures to determine that proper procedures, particularly segregation of duties, are being applied. Reperformance of procedures to see they have been correctly performed. Application of test data to computer programs or other procedures to determine that programmed application controls are functioning properly. For purposes of efficiency and convenience, the testing of controls and substantive testing of transactions will 13

14 often occur simultaneously. In such situations the independent auditor will make an assumption about the results of tests of controls. If these tests do not confirm that the controls operate as intended, the audit strategy will be reconsidered and the level (nature, timing and extent) of substantive procedures modified. Performing Substantive Audit Procedures Substantive audit procedures provide evidence as to whether actual account balances are fairly stated. The procedures are used to obtain audit evidence about particular financial statement assertions by management. Financial statement assertions can be classified into the following categories: Existence or Occurrence Assets or liabilities of the company exist at a given date, and recorded transactions have occurred during a given period. Completeness All transactions and accounts that should be presented in the financial statements are so included. Valuation or Allocation Asset, liability, equity, revenue, and expense components have been included in the financial statements at appropriate amounts. Rights and Obligations The company holds or controls rights to the assets, and liabilities are obligations of the company at a given date. Presentation and Disclosure The components of the financial statements are properly classified, described, and disclosed. The independent auditor s substantive procedures include: Substantive Analytical Procedures. In these tests, independent auditors gather evidence about relationships among various accounting and non-accounting data such as industry and economic information. When relationships are significantly different from the auditor s expectations, the independent auditor will seek to understand the reason and undertake additional investigation until satisfied that items were properly recorded. Examples of variations in relationships among data can include specific unusual transactions or events, accounting changes, business changes, or misstatements. For example, if a company s cost of sales in the income statement has historically been 68% of revenues, but in one period is 80%, the auditor would investigate the apparent anomaly until satisfied that he or she understood the reasons for the change. Substantive Tests of Details of Account Balances, Transactions and Disclosures. The details supporting financial statement accounts are tested to obtain assurance that material misstatements do not exist. Substantive procedures may be performed on a sample basis over an existing group of similar transactions. Sampling approaches can either be statistical or non-statistical. A simple example of this type of audit procedure would be to examine vendor invoices and bank statements to support a recorded expense. Independent auditors can also select targeted samples to match specific risk criteria, as well as use the results of sample testing, in some instances, to conclude on the population as a whole. PROFESSIONAL SKEPTICISM Professional skepticism is fundamental to an independent auditor s objectivity and includes a questioning mind and an objective assessment of audit evidence. It requires an emphasis on the importance of maintaining the proper state of mind throughout the audit. The independent auditor uses his or her knowledge, skill, and ability to diligently perform, in good faith and with integrity, the gathering and objective evaluation of audit evidence. Given that evidence is gathered and evaluated throughout the audit, professional skepticism is exercised throughout the entire audit process. 14

15 Evaluating Test Results and Concluding Professional standards define certain requirements and provide broad guidelines about the evaluation of audit evidence. However, the independent auditor also is required to exercise professional judgment to determine the nature and amount of evidence required to support the audit opinion. As the audit progresses, the audit team completes its tests and evaluates the results. A portion of this evaluation is qualitative in nature, in which the independent auditor considers whether the test results confirm or contradict management s assertion that the financial statements are prepared in accordance with GAAP or that ICFR are operating effectively. Depending on the test results, the engagement team may need to adjust its audit plan, modify its tests, or perform additional procedures in response to this updated information as warranted. When the independent auditor discovers misstatements in the accounting records or financial statements, he or she informs company management, who then decide whether and how to make any adjustments. Management bears the ultimate responsibility for the financial statements and may determine that some misstatements are immaterial in their judgment and do not warrant a change to the financial statements. The audit team summarizes any uncorrected misstatements and performs an independent evaluation as to whether the uncorrected misstatements both individually and in the aggregate result in financial statements that are materially misstated. The independent auditor cannot express an unqualified opinion on the company s financial statements unless he or she is satisfied that there are no material misstatements. Misstatements discovered by the independent auditor during the course of the audit (even those misstatements that are corrected in the financial statements by management prior to issuing the financial statements), are required to be communicated to the audit committee. Documentation Independent auditors document the procedures performed, evidence obtained, and conclusions reached. This documentation is intended to include sufficient information to enable an experienced auditor with no previous connection with the engagement to understand the nature, timing, extent, and results of the procedures performed, evidence obtained, and conclusions reached as well as who performed the work, the date such work was completed, who reviewed the work, and the date of such reviews. Engagement Quality Review The audit process includes quality control procedures prior to the audit firm s issuance of its report, among them a review of audit procedures that is performed by another professional within or outside of the audit firm also known as an engagement quality review. The objective of the engagement quality reviewer is to evaluate the significant judgments and conclusions made by the engagement team in forming the overall conclusion on the engagement and in preparing the independent auditor s report in order to determine whether to provide concurring approval on issuing the report. AUDITOR S PROFESSIONAL JUDGMENT The independent auditor s objective is to obtain sufficient appropriate audit evidence to provide a reasonable basis for forming an opinion on the financial statements. How much evidence is sufficient and what kind of evidence is collected is based on the auditor s judgment. Auditor judgment is also required in interpreting the results of audit testing and evaluating audit evidence. More judgment is needed when auditing accounting estimates in financial statements, the measurements of which are inherently uncertain and depend on the outcome of future events. Independent auditors exercise professional judgment in evaluating the reasonableness of accounting estimates based on information that could reasonably be expected to be available prior to the completion of the audit. As a result, with regard to the company s accounting estimates, the independent auditor often has to rely on evidence that is persuasive rather than convincing. 15

16 What is the Audit Report? At the conclusion of the audit, the independent auditor issues the audit report. This report contains three main elements: An introduction that identifies the financial statements that were audited and the division of responsibility between the independent auditor and management. A discussion of the scope of the engagement, which describes the nature of the audit. The independent auditor s opinion on the financial statements. If the independent auditor concludes that the financial statements, taken as a whole, present fairly, in all material respects, the financial position, results of operations and cash flows of the company in accordance with the appropriate financial reporting framework (e.g., U.S. GAAP), the independent auditor issues what is known as a standard unqualified opinion. It is important to recognize that, even though the audit is planned and performed at the individual account level, independent auditors express an opinion on the financial statements taken as a whole. Independent auditors do not provide opinions on individual accounts or disclosures. Depending on the results of the engagement, the standard opinion may be modified (see Table 2). Audit Committee Communications The dynamic between management, its board of directors, and the external auditor was significantly changed with the Sarbanes-Oxley Act of 2002 in order to foster Table 2: Types of Financial Statement Audit Opinions UNQUALIFIED OPINIONS Standard unqualified opinion DESCRIPTION It states that the financial statements present fairly, in all material respects, the financial position, results of operations, and cash flows of the company in conformity with GAAP. Explanatory language added DEPARTURES FROM UNQUALIFIED OPINIONS Qualified opinion* Adverse opinion* Disclaimer opinion* Certain circumstances, while not affecting the independent auditor s unqualified opinion, may require the auditor to add a paragraph to the standard report. For example, a change in an accounting principle or its application, or another matter that warrants emphasis. DESCRIPTION A qualified opinion modifies the standard opinion by stating that the financial statements are a fair presentation except for the effects of certain matters. An adverse opinion states that the financial statements do not present fairly the financial position, results of operations, and cash flows of the company in conformity with GAAP. In a disclaimer of opinion, the independent auditor declines to express an opinion because he or she was unable to access enough information to form an opinion, or because the scope of the audit was restricted by the company. * Financial statements with a qualified, adverse or disclaimer of opinion represent a substantial deficiency in the reporting requirements for a company s filing. As a result, the SEC would be expected to require the company to take corrective measures. 16

17 overall improvements to the financial reporting process. Instead of company management, the audit committee of the board of directors is now directly responsible for the appointment, compensation, and oversight of the work of the external auditor, and the auditor reports directly to the audit committee. The Act also amended the composition of audit committees so that each member of the audit committee is now independent of the company. Additionally, the audit committee is responsible for establishing procedures for the receipt, retention, and treatment of complaints received by the company regarding accounting, internal accounting controls, or auditing matters, as well as the confidential anonymous submission by employees of the company of concerns regarding questionable accounting or auditing matters. All of these changes have resulted in a changed relationship and communications dynamic between these relevant parties. For its part, the independent auditor is expected to share information regarding the scope and results of the audit that may assist the audit committee in its role of overseeing the financial reporting process for which management is responsible. These communications may be either written or oral and can take place at any time throughout the audit. While discussions between the independent auditor and the audit committee frequently go beyond these examples, matters the independent auditor is expected to discuss with the audit committee include: Significant accounting policies, especially the effect of those policies in controversial or emerging areas for which proper accounting treatment has yet to be established. The process used by management to make significant accounting estimates and how the independent auditor determined that those estimates were reasonable. Any disagreements with management, whether or not satisfactorily resolved, about matters that individually or in the aggregate could be significant to the entity s financial statements or the independent auditor s report. Significant matters that were the subject of consultation when the independent auditor is aware of management s consultation with other accountants about auditing and accounting matters. Other matters arising from the audit that the auditor believes to be significant to the oversight of the financial reporting process. Discussions with the independent auditor are vital to the audit committee fulfilling its responsibility to company shareholders and others to oversee the integrity of a company s financial statements and the financial reporting process. An audit committee that is well-informed about accounting and disclosure matters relevant to the audit will be better able to carry out its responsibilities. AUDIT OPINIONS: GOING CONCERN Substantial doubt about the company s ability to continue as a going concern may warrant an explanatory paragraph. Absent information to the contrary, the company s ability to continue as a going concern is a valid assumption in financial reporting. Information that can significantly contradict the going concern assumption may include the company s inability to continue to meet its obligations as they become due without substantial disposition of assets outside the ordinary course of business, restructuring of debt, externally forced revisions of its operations, or other matters. If, after considering identified conditions, events and management s plans, the independent auditor concludes that substantial doubt remains about the entity s ability to continue as a going concern (generally, for a period of at least twelve months past the balance sheet date), the audit report will include an explanatory paragraph to reflect that conclusion. The independent auditor s judgment about the quality, not just the acceptability, of the company s accounting policies. Difficulties encountered in dealing with management related to the performance of the audit. Uncorrected misstatements and corrected material misstatements. 17

18 Conclusion Both science and art, the independent audit is a wide-ranging, complex undertaking that calls upon not just technical expertise but also a skeptical mindset and the willingness to exercise professional judgment. High-quality financial reporting plays an important role in promoting the integrity and reliability of the financial information that is the lifeblood of our capital markets. A comprehensive, quality financial reporting framework, overseen by an independent audit committee of the board, helps promote continuous improvement to the audit process that will enable audits to remain effective even in the face of a rapidly changing business environment. 18

19 The Center for Audit Quality and Its Vision The Center for Audit Quality is an autonomous, public policy organization based in Washington, D.C. It is governed by a board comprised of leaders from the public company audit firms, the American Institute of Certified Public Accountants, and three individuals independent of the profession. The CAQ is dedicated to enhancing investor confidence and public trust in the global capital markets by: Fostering high-quality performance by public company auditors. Convening and collaborating with other stakeholders to advance the discussion of critical issues requiring action and intervention. Advocating policies and standards that promote public company auditors objectivity, effectiveness and responsiveness to dynamic market conditions.

Guide to Public Company Auditing The Center for Audit Quality (CAQ) prepared this Guide to Public Company Auditing to provide an introduction to and overview of the key processes, participants and issues

INTERNATIONAL STANDARD ON ENGAGEMENTS 2410 OF INTERIM FINANCIAL INFORMATION PERFORMED BY THE INDEPENDENT AUDITOR OF THE ENTITY (Effective for reviews of interim financial information for periods beginning

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 240 Introduction THE AUDITOR S RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS (Effective for audits of financial statements for

I. Purpose and authority CHARTER FOR THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS The Audit Committee is established by and among the Board of Directors (the Board ) for the primary purpose of assisting

Berkshire Hathaway Inc. Audit Committee Charter Committee Membership: The Audit Committee of Berkshire Hathaway Inc. (the Company ) shall be comprised of at least three directors, each of whom the Board

SEATTLE GENETICS, INC. Charter of the Audit Committee of the Board of Directors Purpose The purpose of the Audit Committee established by this charter will be to make such examinations as are necessary

INTERNATIONAL STANDARD ON 200 OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR AND THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH INTERNATIONAL STANDARDS ON (Effective for audits of financial statements for periods

INTERNATIONAL STANDARD ON AUDITING 200 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING (Effective for audits of financial statements for periods beginning on or after December 15, 2005. The Appendix contains

Audit Committee Charter PURPOSE The Audit Committee (the Committee ) is a committee appointed by the Board of Directors (the Board ) of Tahoe Resources Inc. ( Tahoe ). The Committee is established to fulfill

FIRST CITIZENS BANCSHARES, INC. FIRST-CITIZENS BANK & TRUST COMPANY CHARTER OF THE JOINT AUDIT COMMITTEE As amended, restated, and approved by the Boards of Directors on July 28, 2015 This Charter sets

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF INTERCONTINENTAL EXCHANGE, INC. I. PURPOSE The Audit Committee (the Committee ) of the Board of Directors (the Board ) of Intercontinental Exchange,

INTERNATIONAL STANDARD ON AUDITING 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction

INTERNATIONAL STANDARD ON 240 THE AUDITOR S RESPONSIBILITIES RELATING TO (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction

Charter of the Audit Committee of the Board of Directors of The Ensign Group, Inc. Adopted & Effective April 26, 2007 Last Revised October 29, 2015 1. Purposes. The primary purposes of the Audit Committee

ISA 240 February 2008 International Standard on Auditing The Auditor s Responsibilities Relating to Fraud in an Audit of Financial Statements INTERNATIONAL STANDARD ON AUDITING 240 The Auditor s Responsibilities

BIO-RAD LABORATORIES, INC. (the Company ) Audit Committee Charter Audit Committee Requirements and Structure The board of directors of the Company (the Board ) shall appoint an audit committee (the Audit

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 200 OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR AND THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH INTERNATIONAL STANDARDS ON AUDITING (UK AND IRELAND)

RALLY SOFTWARE DEVELOPMENT CORP. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS Approved by the Board of Directors on March 19 2013 PURPOSE The primary purpose of the Audit Committee (the Committee

February 2015 Sample audit committee charter Sample audit committee charter This sample audit committee charter is based on observations of selected companies and the requirements of the SEC, the NYSE,

00-6 JAN 2013 General Audit Engagement Checklist (Ending on or After December 15, 2012) 20,401 Section 20,400 General Audit Engagement Checklist (For Financial Statements With Periods Ending On or After

Amended and Restated: February 24, 2010 AUDIT COMMITTEE OF THE TRUSTEES OF TEXAS PACIFIC LAND TRUST CHARTER PURPOSE The primary function of the Committee is to assist the Trustees of the Trust in discharging

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF SERVICEMASTER GLOBAL HOLDINGS, INC. Adopted by the Board of Directors on July 24, 2007; and as amended June 13, 2014. Pursuant to duly adopted

PURPOSE TABLEAU SOFTWARE, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS The primary purpose of the Audit Committee (the Committee ) of the Board of Directors (the Board ) of Tableau Software,

AUDIT COMMITTEE CHARTER of the Audit Committee of the Board of Directors of ForeScout Technologies, Inc. (As amended and restated by the Board of Directors effective August 3, 2015) I. General Statement

BAKER HUGHES INCORPORATED CHARTER OF THE AUDIT/ETHICS COMMITTEE OF THE BOARD OF DIRECTORS (as amended and restated October 24, 2012) The Board of Directors of Baker Hughes Incorporated (the Company ) has

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 240 THE AUDITOR S RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS CONTENTS Paragraphs Introduction... 1-3 Characteristics of Fraud...

HALOGEN SOFTWARE INC. AUDIT COMMITTEE CHARTER PURPOSE The Audit Committee is a standing committee appointed by the Board of Directors of Halogen Software Inc. The Committee is established to fulfill applicable

FORTRESS TRANSPORTATION AND INFRASTRUCTURE INVESTORS LLC I. PURPOSE OF THE COMMITTEE CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS MAY 11, 2015 The purpose of the Audit Committee (the Committee

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS PURPOSE The Audit Committee (the Audit Committee ) is appointed by the Board of Directors (the Board ) of NVIDIA Corporation, a Delaware corporation

INTERNATIONAL STANDARD ON AUDITING 330 THE AUDITOR S PROCEDURES IN RESPONSE TO ASSESSED RISKS (Effective for audits of financial statements for periods beginning on or after June 15, 2006) CONTENTS Paragraph

SunTrust Banks, Inc. Audit Committee of the Board of Directors Charter PURPOSE The Audit Committee (the Committee ) is appointed by the Board of Directors (the Board ) of SunTrust Banks, Inc. (the Company

Guide to Pcaob Inspections october 2012 Since 2002, a new regulator, the Public Company Accounting Oversight Board (PCAOB), has had responsibility for overseeing auditors of public companies. Regular inspections

AMERICAN AIRLINES GROUP INC. AUDIT COMMITTEE CHARTER As adopted by the Board of Directors on December 9, 2013 The Board of Directors (the Board ) of American Airlines Group Inc. (the Company ) hereby sets

BELMOND LTD. (the "Company") Charter of the Audit Committee of the Board of Directors I. PURPOSE The Audit Committee of the Board of Directors of the Company is established for the primary purpose of assisting

INTERNATIONAL STANDARD ON AUDITING 500 AUDIT EVIDENCE (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction Scope of this ISA...

HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS I. STATEMENT OF POLICY The Audit Committee (the Committee ) of the Board of Directors (the Board ) of Halozyme Therapeutics,

Purpose MATTEL, INC. AMENDED AND RESTATED AUDIT COMMITTEE CHARTER The purpose of the Audit Committee (the Committee ) is to provide assistance to the Board of Directors (the Board ) of Mattel, Inc. (the

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 330 THE AUDITOR S PROCEDURES IN RESPONSE TO ASSESSED RISKS (Effective for audits of financial statements for periods beginning on or after 15 June 2006)

ACNB CORPORATION & SUBSIDIARIES BOARD AUDIT COMMITTEE CHARTER ORGANIZATION The Audit Committee is a committee of independent members of the Board of Directors. Its function is to assist the Board in fulfilling

JAZZ PHARMACEUTICALS PLC CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS PURPOSE AND POLICY The purpose of the Audit Committee (the Committee ) shall be to act on behalf of the Board of Directors

Audit and Finance Committee Charter There shall be a committee of the Board of Directors (the Board ) of (the Corporation ) to be known as the Audit and Finance Committee ( Committee ) with purpose, composition,

CIT Group Inc. Charter of the Audit Committee of the Board of Directors Adopted: October 22, 2003 Last Amended: April 20, 2015 I. PURPOSE The purpose of the Committee is to assist the Board in fulfilling

International Game Technology PLC Audit Committee of the Board of Directors Charter The following will serve as the Charter for the Audit Committee of the Board of Directors of International Game Technology

Amended and Restated Charter of the Audit Committee of the Board of Directors of Tribune Publishing Company (As Amended November 11, 2014) This Charter sets forth, among other things, the purpose, membership

ARDMORE SHIPPING CORPORATION AUDIT COMMITTEE CHARTER This Audit Committee Charter ("Charter") has been adopted by the Board of Directors (the "Board") of Ardmore Shipping Corporation (the "Company"). The

COUPONS.COM INCORPORATED CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS I. STATEMENT OF POLICY This Charter specifies the authority and scope of the responsibilities of the Audit Committee (the

Purpose PASSUR AEROSPACE, INC (the "Company") AUDIT COMMITTEE CHARTER The purpose of the Audit Committee (the Committee ) shall be as follows: 11. To oversee the accounting and financial reporting processes

P&F INDUSTRIES, INC. AUDIT COMMITTEE CHARTER MEMBERSHIP The Audit Committee (the "Committee") of the board of directors (the "Board") of P&F Industries, Inc. (the "Company") shall consist of three or more

CVS HEALTH CORPORATION A Delaware corporation (the Company ) Audit Committee Charter Amended as of September 24, 2014 Purpose The Audit Committee (the Committee ) is created by the Board of Directors of

KEYSIGHT TECHNOLOGIES, INC. AUDIT AND FINANCE COMMITTEE CHARTER I. PURPOSE The Audit and Finance Committee (the Committee ) of Keysight Technologies, Inc. (the Company ) is appointed by the Board of Directors

Examination of an Entity s Internal Control 1403 AT Section 501 An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements Source:

AUDIT COMMITTEE CHARTER OF THE BOARD OF DIRECTORS I. PURPOSE The primary purpose of the Audit Committee (the Committee ) is to assist the Board of Directors (the Board ) of EastGroup Properties, Inc. (the

United States Government Accountability Office GAO By the Comptroller General of the United States December 2007 Government Auditing Standards: Implementation Tool Professional Requirements Tool for Use

Sears Hometown and Outlet Stores, Inc. Audit Committee of the Board of Directors Charter Purpose The Audit Committee is appointed by the Board of Directors (the Board ) of Sears Hometown and Outlet Stores,

BUSINESS DEVELOPMENT CORPORATION OF AMERICA AUDIT COMMITTEE CHARTER This Audit Committee Charter was adopted by the Board of Directors (the Board ) of Business Development Corporation of America (the Company

INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS 3000 ASSURANCE ENGAGEMENTS OTHER THAN AUDITS OR REVIEWS OF HISTORICAL FINANCIAL INFORMATION (Effective for assurance reports dated on or after January 1,

I. STATEMENT OF POLICY SALESFORCE.COM, INC. CHARTER OF THE AUDIT AND FINANCE COMMITTEE OF THE BOARD OF DIRECTORS (Revised September 11, 2012) This Charter specifies the scope of the responsibilities of

Filings With the U.S. Securities and Exchange Commission 1073 AU-C Section 925 Filings With the U.S. Securities and Exchange Commission Under the Securities Act of 1933 Source: SAS No. 122. Effective for

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF KAISER ALUMINUM CORPORATION Purposes The Audit Committee of the Board of Directors of the Company oversees (a) the accounting and financial reporting

W. R. GRACE & CO. AUDIT COMMITTEE CHARTER I. Purpose. The purpose of the Audit Committee is to assist the Board of Directors in overseeing (1) the integrity of the Company s financial statements, (2) the

MACQUARIE INFRASTRUCTURE CORPORATION AUDIT COMMITTEE CHARTER A. Purpose The Audit Committee (the Committee ) has been established by the Board of Directors (the Board ) of Macquarie Infrastructure Corporation

Exposure Draft May 2014 Comments due: September 11, 2014 Proposed Changes to the International Standards on Auditing (ISAs) Addressing Disclosures in the Audit of Financial Statements This Exposure Draft